> On Oct 17, 2013, at 7:51 AM, [email protected] wrote:
> > Stephen Farrell <[email protected]> on Oct 15, 2013 5:31PM wrote:
> >> Better understanding is always good and the main goal here (at least
> >> mine) is to make pervasive monitoring more expensive to the extent
> >> technically feasible. Personally, I think there are things about IMAP
> >> that could be improved but I'm very skeptical that we can "solve" the
> >> problem for mail in general. (Some others on this list are more
> >> optimistic.)
> >
> > You're still not answering the question, at least directly, and I really
> > want a direct answer. More expensive for whom? The vast majority of current
> > and likely future email users, who seem perfectly happy to use the service
> > offerings of large ISPs and MSPs? If so, then any proposal you come up with
> > needs to be done in a way that persuades those providers that making changes
> > to their service offerings is the right thing for them to do.
> Dear Ned,
> Improving the efficiency of email acceptance might be this incentive. As
> IPv6 becomes pervasive, an authenticated domain source as a basis is likely to
> be more sustainable over time. Establishing expectations that StartTLS
> confirms both server and client certificates affords improved transactional
> protection from spoofing or reputation poisoning, especially with the
> transparency and economy afforded by DANE for protection from simple
> monitoring, malicious spoofing, and reputation poisoning. Providers will need
> to be trustworthy and may need to reside in specific geopolitical regions
> willing to ensure such protections.
I must be missing something here, because I don't see how what we've been
discussing - preventing pervasive surveillance in general and mandating
SSL/TLS on more connections in particular - has anything to do with email
acceptance.
> Multiple keying of encrypted data where each key subset resides in different
> geopolitical regions might be a way to increase trust, but this is not
> off-the-shelf crypto which you state as a requirement.
The security of IMAP and similar mailbox manipulation protocols seems
entirely divorced from what you're talking about.
Ned
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass